Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition ((CVE-2015-0410, CVE-2014-6593, CVE-2015-0383, CVE-2015-0138))

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 5 and 7, that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factorin...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM BladeCenter Advanced Management Module (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, and CVE-2015-0206)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM BladeCenter Advanced Management Module AMM. AMMhas addressed the applicable CVEs...

Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, CVE-2015-0204)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issue was disclosed as part of the IBM Java SDK updates in Apr 2015. Vulnerability Details CVEID:CVE-2015-0488 DESCRIPTION: An...

SUSE CVE-2015-0204

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...

Security Bulletin: Vulnerability with RSA Export Keys May Affect IBM WebSphere Application Server on Asset and Service Management (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability CVE-2015-0138 may affect some configurations of IBM WebSphere Application Server Full Profile, IBM WebSphere Application Server Liberty Profile, and IBM WebSphere Application Server Hypervisor Edition...

Security Bulletin: Vulnerability in IBM WebSphere Application Server affects WebSphere Process Server and WebSphere Process Server Hypervisor Editions (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM WebSphere Application Server Full Profile and IBM WebSphere Application Server Hypervisor Edition that is used by WebSphere Process Server and WebSphere Process Server Hypervisor Editions...

Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java™ Technology Edition April 2015 CPU affect WebSphere Process Server

Summary There are multiple vulnerabilities in IBM SDK for Java™ Technology Edition that is used by WebSphere Process Server. These issues were disclosed as part of the IBM SDK for Java Technology Edition updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified...

Security Bulletin: Vulnerability with RSA Export Keys may affect IBM HTTP Server and WebSphere EDGE Caching Proxy (CVE-2015-0138)

Summary The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability CVE-2015-0138 may affect some configurations of IBM HTTP Server for WebSphere Application Server and IBM WebSphere EDGE caching proxy. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A...

Security Bulletin: Vulnerability in IBM WebSphere Application Server affects WebSphere Business Services Fabric (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM WebSphere Application Server Full Profile that is used by WebSphere Business Services Fabric. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS...

Security Bulletin: Vulnerability in IBM Java SDK Runtime affects DS8000 (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects some versions of DS8000. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in SSL/TLS implementations could allow a remote attacker to downgrade the security of certain...

Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Power Hardware Management Console (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM WebSphere Application Server Liberty Profile Version 8.5 that is used by Power Hardware Management Console. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in vario...

Security Bulletin: Multiple vulnerabilities in the IBM® Runtime Environments, Java™ Technology Edition, Version 6 affects the IBM InfoSphere Optim Data Masking Solution.

Summary There are multiple vulnerabilities in the IBM Runtime Environments, Java Technology Edition, Version 6 CVE-2015-0488, CVE-2015-2808,CVE-2015-0410, CVE-2015-1916,CVE-2015-0204 that affect the IBM InfoSphere Optim Data Masking Solution. These issues were disclosed as part of the IBM Java SD...

Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateway appliances (CVE-2014-3570, CVE-2015-0204)

Summary SSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. IBM DataPower Gateway has addressed the corresponding applicable CVEs. Vulnerability Details CVEID: CVE-2014-35...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-6593, CVE-2015-0383, CVE-2015-0410, CVE-2015-0138)

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 1.6 that is used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management CLM, Rational Requirements Composer RRC, Rational DOORS Next...

Security Bulletin: Vulnerabilities in GSKit affect InfoSphere BigInsights (CVE-2015-0138, CVE-2015-0159)

Summary GSKit is an IBM component that is used by InfoSphere BigInsights. The GSKit that is shipped with InfoSphere BigInsights contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. InfoSphere BigInsights has...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Synergy (CVE-2015-0138, CVE-2014-6593,CVE-2015-0410)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for System z CVE-2015-0138

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, that is used by Rational Developer for System z. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for System z (CVE-2015-0138, CVE-2015-0410, CVE-2014-6593)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that is used by Rational Developer for System z. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPO...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 5, 6, and 7 that are used by Tivoli Netcool/OMNIbus. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack...

Security Bulletin: Multiple vulnerabilities, including Freak and Bar Mitzvah, in IBM Java SDK affect IBM i.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM i. The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability and the RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM i java. Vulnerability Details CVEID: CVE-2015-04...